VYPR

SMS Alert Order Notifications – WooCommerce

by WordPress

CVEs (4)

  • CVE-2024-13553CriApr 1, 2025
    risk 0.64cvss 9.8epss 0.01

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground…

  • CVE-2024-11725HigJan 7, 2025
    risk 0.50cvss 8.8epss 0.01

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including,…

  • CVE-2024-10233MedOct 29, 2024
    risk 0.42cvss 6.4epss 0.00

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-1489MedMar 13, 2024
    risk 0.28cvss 4.3epss 0.00

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for…